General
- Target: c3e5a543f13e20484325ba5a08fd8993880f8282ed5a40e30c97fcf2aea91fa1.exe
- Size: 240KB
- Sample: 240705-b7vsxssapd
- MD5: bb4b3fd0c725a96ba871f77f9604fa69
- SHA1: 0b3926a1a98b87938b94f8ffd511f7319a576990
- SHA256: c3e5a543f13e20484325ba5a08fd8993880f8282ed5a40e30c97fcf2aea91fa1
- SHA512: cce99d6730ba2de4bd530fca0f31c3d702fecc55370e135915dec69415484335879c0e07cb2a406266a4aed641e57c631b27ce7ff30198a23038f25ae0296a63
- SSDEEP: 6144:GVjndzqytMhsZAEO66joa7ZgVtgv5T7K9YWs1NExcl+Vk+jI:FyasZAEB6jo++VSv569YWs1NExcl+Vkt
- Static task: static1
- Behavioral task: behavioral1
- Sample: c3e5a543f13e20484325ba5a08fd8993880f8282ed5a40e30c97fcf2aea91fa1.exe
- Resource: win7-20240704-en
Malware Config
Extracted
- xenorat
- 91.92.248.167
- Dolid_rat_nd8859g
- delay: 60000
- install_path: appdata
- port: 1280
- startup_name: dms
Targets
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext